Sharing of a logic operator having a work register

ABSTRACT

A circuit for calculating a discriminating function with successive iterations and with a work register on data divided into blocks, comprising: a single operator in wired logic for executing the function; a plurality of work registers sharing said operator; and an element for selecting one of the work registers to be associated with the operator.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention generally relates to the processing ofbinary words by calculation functions. The present invention morespecifically relates to the execution, by a state machine in wired logicof an integrated circuit, of a calculation representing a functionlikely to be used by several applications within this same circuit.

[0003] 2. Discussion of the Related Art

[0004] An example of application of the present invention relates to theimplementation, within a same circuit, of several processings all usinga same operating function. For example, it may be a public key signatureprocessing, a data integrity control or a random generator forcryptography. In all the above cases, a so-called “Hash” discriminatingfunction is generally used, for example, functions known as SHA, MD5,etc.

[0005] Most of these discriminating functions are based on an iterativeprocessing of a message divided into blocks taking into account theresult of the previous iteration. They thus generally use a single workregister which is updated at each iteration and forms, at the functionend, an output register providing the desired result (calculatedsignature, integrity control authentication code, or random bit train)to be exploited by the rest of the circuit.

[0006] It would be desirable, for miniaturization, to be able to share asame logic operator for several processings exploiting a same function.

[0007] However, this poses several problems due to the very nature ofthe functions to which the present invention applies.

[0008] A first problem is linked to the existence of a work registerstoring the results of the different iterations. Indeed, this means inpractice that the result of the functions is only obtained at the end ofthe multiple iterations.

[0009] A solution would consist of having interrupts generated by otherapplications wait until the iteration calculation is over. This ishowever incompatible with a desire of real time execution required bysome applications needing the operator. For example, in the context ofan integrity control requiring the discrimination operator for anauthentication message calculation, it cannot be awaited until theoperator is freed by another application.

[0010] It could also have been devised to memorize an intermediary stateof an interruptible application to leave the work register and theoperator available for another priority-holding application. However, amemorization followed by a restoring of the states of the work registerassociated with the operator adversely affects the system performancesand weakens it as concerns security against possible piracies of thehandled quantities.

[0011] In practice, the only acceptable conventional solution whenseveral applications (signature, integrity, random number generation)must use a Hash-type discrimination function, is to provide as manycircuits (operator+register) as there are applications.

SUMMARY OF THE INVENTION

[0012] The present invention aims at providing a solution to the problemof the sharing of a logic operator by several applications exploiting asame iterative discrimination function.

[0013] The present invention also aims at providing a solution which iscompatible with the desired miniaturization of integrated circuits.

[0014] The present invention also aims at enabling sharing of theoperator in wired logic without adversely affecting the need for realtime processing of a priority-holding application.

[0015] To achieve these and other objects, the present inventionprovides a circuit for calculating a discriminating function withsuccessive iterations and with a work register on data divided intoblocks, comprising:

[0016] a single operator in wired logic for executing the function;

[0017] a plurality of work registers sharing said operator; and

[0018] an element for selecting one of the work registers to beassociated with the operator.

[0019] According to an embodiment of the present invention, eachregister stores a current state of the operator and the rank of thecorresponding iteration.

[0020] According to an embodiment of the present invention, saidfunction is a Hash function.

[0021] According to an embodiment of the present invention, amultiplexer forming the selection element is controlled by a prioritydecoder associated with an integrated processor containing saidcalculation circuit.

[0022] The foregoing objects, features and advantages of the presentinvention will be discussed in detail in the following non-limitingdescription of specific embodiments in connection with the accompanyingdrawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0023]FIG. 1 very schematically shows in the form of blocks anembodiment of the circuit for calculating a discrimination functionaccording to the present invention; and

[0024]FIG. 2 is a flowchart of a function exploited by the calculationcircuit of FIG. 1 according to an embodiment of the present invention.

DETAILED DESCRIPTION

[0025] For clarity, only those steps and those elements which arenecessary to the understanding of the present invention have been shownin the drawings and will be described hereafter. In particular, theexploitation made of the calculations by the discrimination functionhave not been detailed and are no object of the present invention, thepresent invention applying whatever the application requiring use of thewired operator. Further, the other components of an integrated circuitcontaining the calculation circuit of the present invention areconventional and have not been described.

[0026] A feature of the present invention is to dissociate, in acalculation circuit implementing an iterative discriminating functionwith a work register, the actual operator from the work register.According to the present invention, it is provided to share the operatorbetween several work registers individually dedicated to differentapplications.

[0027]FIG. 1 very schematically shows in the form of blocks anembodiment of a shared calculation circuit according to the presentinvention.

[0028] Circuit 1 essentially comprises a logic operator 2 (f(PSi-1, Bi))executing an operation using as operands a binary block B and a state PSrepresenting the result of the operation at a previous iteration.

[0029] The processed data (in the example of FIG. 1, block B) forms aportion of a data word for which an application requires use of thediscriminating function.

[0030] The previous state PSI-1 combined by logic state machine 2 withcurrent block Bi is initialized at the beginning of an iteration by aninitial value IS, and corresponds after the last iteration of thediscriminating function to final result FS required by the application.

[0031] Up to this point, what has been described corresponds to a wiredoperator of a conventional discriminating function. For example, it maybe a so-called Hash function.

[0032] According to the present invention, the input (PS) and the output(CS) states of operator 2 correspond to the successive contents of asingle work register per application. However, as many work registers 3(REG1, . . . , REGj, . . . REGn)) as there are applications to sharecircuit 1 are provided.

[0033] Each register 3 is equivalent to a conventional work registerassociated with a wired operator 2. However, according to the presentinvention, inputs/outputs of registers 3 are connected to the multipleinputs of a multiplexer 4 having a single input/output connected to theinput (signal PS)) of operator 2 and to the output (signal CS) ofoperator 2. Multiplexer 4 receives a selection signal (SEL) coming, forexample, from a priority control (not shown) associated with the centralprocessing unit of the processor integrating circuit 1.

[0034] Initial states IS1, . . . ISj, . . . ISn are loaded under controlof the CPU into each register 3. The final states FS1, FSj, . . . FSn offunction f after the required iterations are read individually from eachregister, by the processor circuits having required the application ofthe Hash function to a given binary word.

[0035] Conventionally, number m of iterations depends on the number ofdata blocks to be processed. According to the present invention, numbern of registers depends on the number of applications which requireoperator 2.

[0036]FIG. 2 is a simplified flowchart of the function performed byoperator 2.

[0037] The function starts (block 10, IS) from an initial state. Thisstate is, in the example of FIG. 1, previously loaded into one of thework registers associated with the application having requested thefunction. In a specific example applied to a so-called SHA function,this initial state is predetermined.

[0038] The initial state becomes, when multiplexer 4 assigns operator 2to the concerned register, first input value PS0 of the operator (block11, PS0=IS).

[0039] The function of the logic operator is then executed (block 12,CSi=f(PSi-1, Bi) on the first data couple, here the first data block tobe processed BI and the first input state PS0. This operation isrepeated for the m data blocks to be processed. Accordingly, thisamounts to testing (block 13, i=m ?) the end of the data word to beprocessed. If the result is negative, the iteration rank is incremented(block 14, i=i+1) and operator f is executed again with as input valuesPSi-1 and a new data block Bi. If the result is positive, output wordCSi provided with the operator is considered as being the final state FSfor the application having required the function.

[0040] According to the present invention, after each execution (block12) of the operator, current state CSi and rank i of the iteration arestored in the concerned register. This feature of the present inventionenables, in case the function is interrupted to make operator 2available for a higher-priority application, to keep the current rank ofthe function to avoid restarting it from the beginning.

[0041] Of course, to implement the present invention, the data words tobe processed by the discriminating function are also stored in adaptedmemorization elements (for example, registers). Rank i stored inregister 3 assigned to the application is used to select the appropriatedata block upon resumption of the iterations for the concernedapplication.

[0042] Generally, for the application to a Hash function, the data wordsare divided into blocks Bi of 512 bits each.

[0043] An advantage of the present invention is that it enables sharinga same operator in wired logic for several discriminating functionsexecuted by different applications of an integrated processor.

[0044] Another advantage of the present invention is that by avoidingstorage of the intermediary calculation states in an external memory ofthe integrated circuit, the present invention preserves the securitycharacter generally required for applications of discriminatingfunctions.

[0045] Another advantage of the present invention is that itsimplementation is particularly simple in an integrated processor. Inparticular, the implementation of the present invention is compatiblewith the hardware circuits and control processes generally used inintegrated processors. Further, the application processed by operator 2is transparent for said operator, in that all operates as if it was onlyconnected to one register.

[0046] According to a preferred example of application of the presentinvention, operator 2 is shared by several applications among which atleast one real time data integrity control. In this case, thisapplication is considered as holding the highest priority.

[0047] A second possible application may be a signature orauthentication code calculation having a lower priority rank.

[0048] To hold the third priority rank, it may be provided to useoperator 2 in the generation of a pseudo-random number which then holdsthe lowest priority rank.

[0049] Of course, the present invention is likely to have variousalterations, modifications, and improvements which will readily occur tothose skilled in the art. In particular, the practical forming of thecalculation circuit according to the present invention is within theabilities of those skilled in the art based on the functionalindications given hereabove. Further, the commands necessary to themultiplexer and to the different register by using conventional controlmeans are within the abilities of those skilled in the art. Moreover,although this has not been detailed, the selection of the block Biassigned to the data word of the application may be performed in severalmanners. For example, the integrated circuit CPU manages the reading ofthe desired blocks according to the decided priorities.

[0050] Such alterations, modifications, and improvements are intended tobe part of this disclosure, and are intended to be within the spirit andthe scope of the present invention. Accordingly, the foregoingdescription is by way of example only and is not intended to belimiting. The present invention is limited only as defined in thefollowing claims and the equivalents thereto.

What is claimed is:
 1. A circuit for calculating a discriminatingfunction with successive iterations and with a work register on datadivided into blocks, comprising: a single operator (2) in wired logicfor executing the function; a plurality of work registers (3) sharingsaid operator, each register storing a current state of the operator andthe rank of the corresponding iteration; and an element (4) forselecting one of the work registers to be associated with the operator.2. The circuit of claim 1, wherein said function is a Hash function. 3.The calculation circuit of claim 1, wherein a multiplexer (4) formingthe selection element is controlled by a priority decoder associatedwith an integrated processor containing said calculation circuit.